CVE-2017-0377

{"id": "CVE-2017-0377", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-07-02T15:29:00.187", "references": [{"url": "https://blog.torproject.org/blog/tor-0309-released-security-update-clients", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350", "tags": ["Patch", "Third Party Advisory"], "source": "security@debian.org"}, {"url": "https://security-tracker.debian.org/CVE-2017-0377", "tags": ["Third Party Advisory"], "source": "security@debian.org"}, {"url": "https://trac.torproject.org/projects/tor/ticket/22753", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security@debian.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families."}, {"lang": "es", "value": "Las versiones 0.3.x de Tor anteriores a la 0.3.0.9 cuentan con un algoritmo de selecci\u00f3n de restricciones que solo considera el exit relay (no la familia del exit relay), lo que podr\u00eda permitir que atacantes remotos superen las propiedades de anonimato planeadas aprovechando la existencia de grandes familias."}], "lastModified": "2017-07-14T14:21:16.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:torproject:tor:0.3.0.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7722805-17F9-4215-81B9-E30EE016778B"}, {"criteria": "cpe:2.3:a:torproject:tor:0.3.0.2:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "028D39E2-0968-4B98-A9E4-60B51440175F"}, {"criteria": "cpe:2.3:a:torproject:tor:0.3.0.3:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FB26D60-528A-4E06-84A9-8B86143307DA"}, {"criteria": "cpe:2.3:a:torproject:tor:0.3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D60F7D93-611B-43F8-A3EE-874A34F912A1"}, {"criteria": "cpe:2.3:a:torproject:tor:0.3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B332C5B-1762-48BA-BD3E-7DD2CC01F65C"}, {"criteria": "cpe:2.3:a:torproject:tor:0.3.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B815A38-5CE8-4BF3-AE6F-C11CACDBFA75"}, {"criteria": "cpe:2.3:a:torproject:tor:0.3.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF6364CA-DBDA-4626-90A9-FF06A0E08619"}, {"criteria": "cpe:2.3:a:torproject:tor:0.3.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CA71B4E-8EF4-41D4-AE30-F643D2916209"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}